PHP-Syslog-NG summary.php


<?
/*
+-------------------------------------------------------------------------+
| Copyright (C) 2002 Michael Earls                                        |
|                                                                         |
| This program is free software; you can redistribute it and/or           |
| modify it under the terms of the GNU General Public License             |
| as published by the Free Software Foundation; either version 2          |
| of the License, or (at your option) any later version.                  |
|                                                                         |
| This program is distributed in the hope that it will be useful,         |
| but WITHOUT ANY WARRANTY; without even the implied warranty of          |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           |
| GNU General Public License for more details.                            |
+-------------------------------------------------------------------------+
| php-syslog-ng: php4 mysql syslog-ng                                     |
+-------------------------------------------------------------------------+
| This code is currently maintained and debugged by Michael Earls, any    |
| questions or comments regarding this code should be directed to:        |
| - michael@michaelearls.com                                              |
+-------------------------------------------------------------------------+
| - vermeer - http://www.vermeer.org/                                     |
+-------------------------------------------------------------------------+
*/
?>

<html>
<?
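// Reload this view every 300 seconds with the current search state.
// $PHP_SELF and every parameter below come from the request, so each value is
// URL-encoded and the finished URL is HTML-escaped before it is written into
// the quoted content attribute. Without this, a crafted parameter could close
// the attribute and add markup to the page.
$refreshUrl = $PHP_SELF
  . "?offset=" . urlencode($offset)
  . "&host=" . urlencode($host)
  . "&sort=" . urlencode($sort)
  . "&order=" . urlencode($order)
  . "&message=" . urlencode($message)
  . "&priority=" . urlencode($priority)
  . "&date=" . urlencode($date)
  . "&limit=" . urlencode($limit);
echo "<META HTTP-EQUIV=\"refresh\" content=\"300;URL=" . htmlspecialchars($refreshUrl, ENT_QUOTES) . "\">";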
?>
<head>
<title>
Network Syslog Search Results
</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">

</head>
<body><font face=arial size=2>
<?
// Connection settings; $hostname, $username, $password and $dbName are
// presumably defined by this include (verify against dbinfo.inc.php).
include("dbinfo.inc.php");

// Open a persistent connection. The "@" hides the driver's own warning so the
// browser only ever sees the generic message below.
@ $db = mysql_pconnect("$hostname", "$username", "$password");
if (!$db) {
  die("Error: Could not connect to database.  Please try again later.");
}

// Select the log database, again without exposing driver details on failure.
if (!@mysql_select_db("$dbName")) {
  echo "Unable to select database";
  exit;
}
?>

<?
// Defaults for search parameters that were not supplied: "*" means "no
// filter" for host, date and priority, and a page holds 25 records.
$host     = ($host == "")     ? "*" : $host;
$date     = ($date == "")     ? "*" : $date;
$priority = ($priority == "") ? "*" : $priority;
$limit    = ($limit == "")    ? 25  : $limit;

// NOTE(review): request values normally reach the script already URL-decoded,
// so this is a second decode ("+" becomes a space, "%41" becomes "A").
// Confirm that this is intended.
$message = urldecode($message);
?>

<form action="summary.php" method="post" name="results">
<center><table width="0%" style="border-collapse: collapse" bordercolor="#111111" cellpadding="2" cellspacing="1" border="0">

<tr>
   <td rowspan=4 valign="top">
    <p align="center">
    <a href="index.php" border=0><img border="0" src="images/NetworkSyslogViewer.gif" width="211" height="74"></a></td>
<td height="23" align="right" nowrap><font size="2" face="Arial">Host</font></tr>
<td height="23" nowrap><font face="Arial">  <select name=host>
<?
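 $XX = "data empty!";

 // Populate the Host drop-down with every distinct host found in the logs.
 // The values come from stored log records, so they are treated as untrusted
 // text and HTML-escaped before being written into the page.
 $aku = mysql_query("SELECT DISTINCT host from logs");
 echo "<option>*\n";
 // mysql_query() returns false on failure; skip the loop in that case rather
 // than handing false to mysql_fetch_array().
 while ($aku && ($row = mysql_fetch_array($aku)))
 {
   $vhost = $row["host"];
   // Keep the currently selected host highlighted after a search.
   $selected = ($host == $vhost) ? " selected" : "";
   echo "<option" . $selected . ">" . htmlspecialchars($vhost, ENT_QUOTES) . "\n";
 }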
?>
</select></font></tr>
<td height="23" align="right" nowrap><font size="2" face="Arial">Priority</font></tr>
<td height="23" nowrap><font face="Arial">  <select name=priority>
<?
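 $XX = "data empty!";

 // Populate the Priority drop-down with every distinct priority in the logs.
 // The values come from stored log records, so they are HTML-escaped before
 // being written into the page.
 $aku = mysql_query("SELECT DISTINCT priority from logs");
 echo "<option>*\n";
 // mysql_query() returns false on failure; skip the loop in that case rather
 // than handing false to mysql_fetch_array().
 while ($aku && ($row = mysql_fetch_array($aku)))
 {
   $vpriority = $row["priority"];
   // Keep the currently selected priority highlighted after a search.
   $selected = ($priority == $vpriority) ? " selected" : "";
   echo "<option" . $selected . ">" . htmlspecialchars($vpriority, ENT_QUOTES) . "\n";
 }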
?>
</select></font></tr>
<tr>
<td height="23" align="right" nowrap><font size="2" face="Arial">Date</font></tr>
<td height="23" nowrap><font face="Arial">  <select name=date>
<?
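 $XX = "data empty!";

 // Populate the Date drop-down, newest date first. The values are read back
 // from the logs table and HTML-escaped before being written into the page.
 $aku = mysql_query("SELECT DISTINCT date from logs order by date DESC");
 echo "<option>*\n";
 // mysql_query() returns false on failure; skip the loop in that case rather
 // than handing false to mysql_fetch_array().
 while ($aku && ($row = mysql_fetch_array($aku)))
 {
   $vdate = $row["date"];
   // Keep the currently selected date highlighted after a search.
   $selected = ($date == $vdate) ? " selected" : "";
   echo "<option" . $selected . ">" . htmlspecialchars($vdate, ENT_QUOTES) . "\n";
 }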
?>
</select></font></tr>
<td height="23" align="right" nowrap><font size="2" face="Arial">Records per page</font></tr>
<td height="23" nowrap><font face="Arial">
   <select name=limit>
<?
// Offer the fixed page sizes and pre-select the one matching the current $limit.
foreach (array(25, 50, 100, 200, 500, 1000) as $sizeChoice) {
  $sizeAttr = ($limit == $sizeChoice) ? " selected" : "";
  echo "<option" . $sizeAttr . ">" . $sizeChoice . "</option>";
}
?>
</select></font></tr>
<tr>
<td height="22" align="right" nowrap><font size="2" face="Arial">Keywords</b></font></tr>
<?

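 // Keyword box, pre-filled with the current search text. $message comes from
 // the request, so it is HTML-escaped (quotes included) to keep it inside the
 // value attribute.
 echo "<td colspan=\"2\" height=\"22\" nowrap><font face=\"Arial\"><input name=\"message\" value=\"" . htmlspecialchars($message, ENT_QUOTES) . "\" size=\"40\"></font>";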

?>
<td colspan="1" height="22" align="center" nowrap><font face="Arial">
<input type="submit" value="Search"></td>
 </tr>
</table>
  </center>
</form>

<?
// begin script

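  // Build the summary query: one row per (host, priority, msg) with an event
  // count and the most recent timestamp, narrowed by the search form values.
  mysql_select_db("$dbName");

  // Every filter value comes from the request and is placed inside a quoted
  // SQL string, so each one is escaped with the driver's escaping function
  // (which uses the connection opened earlier in this file). If
  // magic_quotes_gpc has already added slashes they are removed first, so a
  // value is escaped exactly once.
  $mqOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
  $sqlHost     = mysql_real_escape_string($mqOn ? stripslashes($host) : $host);
  $sqlPriority = mysql_real_escape_string($mqOn ? stripslashes($priority) : $priority);
  $sqlMessage  = mysql_real_escape_string($mqOn ? stripslashes($message) : $message);
  $sqlDate     = mysql_real_escape_string($mqOn ? stripslashes($date) : $date);

  $where = "";
  $query = "select count(*) AS NumEvents, host, priority, msg, MAX(CONCAT(DATE,' ',TIME)) AS timestamp from logs";

  // "*" means "no filter" for host, priority and date; an empty keyword
  // string means no message filter.
  if ($host != "*") {
    $where = "host='" . $sqlHost . "' ";
  }
  if ($priority != "*") {
    if ($where != "") $where = $where . " and ";
    $where = $where . " priority='" . $sqlPriority . "' ";
  }
  if ($message != "") {
    if ($where != "") $where = $where . " and ";
    // Substring match; "%" and "_" typed by the user still act as wildcards.
    $where = $where . " msg LIKE '%" . $sqlMessage . "%' ";
  }
  if ($date != "*") {
    if ($where != "") $where = $where . " and ";
    $where = $where . " date='" . $sqlDate . "' ";
  }

  if ($where != "") { $query = $query . " where " . $where; }

  // A click on a column header (neworder=1) flips the sort direction.
  if ($neworder == 1) {
    $order = ($order == 1) ? 0 : 1;
  }
  // Derive the SQL direction from $order alone. Previously $orderby was only
  // assigned on a header click; on every other request it was either empty
  // (the listing fell back to ascending while the page still reported
  // "Descending") or, because this script relies on request variables being
  // registered as globals, supplied by the request and concatenated into the SQL.
  $orderby = ($order == 1) ? "DESC" : "";

  // A column name in ORDER BY cannot be quoted or escaped like a value, so
  // only names this query actually exposes are accepted; anything else falls
  // back to the default date/time ordering.
  $sortable = array("host", "priority", "msg", "NumEvents", "timestamp", "date", "time");
  if (!in_array($sort, $sortable, true)) {
    $sort = "";
  }

  if ($sort != "") {
    $query = $query . " group by host, priority, msg order by " . $sort . " $orderby, date DESC, time DESC";
  } else {
    $query = $query . " group by host, priority, msg order by date $orderby, time DESC";
  }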
# echo "$query<br>\n";

include("category.inc.php");
#echo "<table border=0 width=100%><tr><td><font size=2>Goto: <a href=summary.php?offset=$offset&host=$host&priority=$priority&limit=$limit&sort=$sort&order=$order&message=" . urlencode($message) . "><font color=black>Summary</font></a> / <a href=index.php?offset=$offset&host=$host&priority=$priority&limit=$limit&sort=$sort&order=$order&message=" . urlencode($message) . "><font color=black>Detail</font></a> --- Currently in <b>Summary View</b></font></td><td align=right><font size=2><b>Corporate Network</b>  | <a href=/accessedsyslog/>Accessed URLs</a> | <a href=/uksyslog/>UK Syslog</a> | <a href=/securesyslog/>Security Syslog</a> | <a href=advanced.php>Advanced Search</a></font></td></tr></table>";

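  // Run the query once without LIMIT to learn the total number of summary rows.
  $result = mysql_query($query);
  // mysql_query() returns false on failure; report zero rows in that case
  // rather than handing false to mysql_num_rows().
  $num_results = $result ? mysql_num_rows($result) : 0;

// $offset (1-based number of the first row shown) and $limit (page size) come
// from the request and are written unquoted into the LIMIT clause, so both are
// forced to positive integers first. Missing or invalid values fall back to
// the first row and the default page size of 25.
$offset = intval($offset);
if ($offset < 1) {
    $offset = 1;
}
$limit = intval($limit);
if ($limit < 1) {
    $limit = 25;
}

$offsettemp = $offset - 1;            // LIMIT uses a 0-based start row
$startoffsetnum = $offset;
$endoffsetnum = $offset + $limit;
if ($endoffsetnum > $num_results) { $endoffsetnum = $num_results; }

// Fetch only the rows for the current page.
$results = mysql_query("$query limit $offsettemp, $limit");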

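// Build the human-readable description of the active filters. It is echoed
// into the page as HTML (it carries <b> tags of its own), so every
// request-derived piece is HTML-escaped here, where it is assembled. The same
// text is later passed through strip_tags() for the tracking log, so special
// characters appear there as entities.
//
// Start from an empty string: this script relies on request variables being
// registered as globals, so without the reset a "searchstring" request
// parameter would seed this text.
$searchstring = "";

if ($host != "*") {
  $searchstring = "Host = " . htmlspecialchars($host, ENT_QUOTES);
}
if ($priority != "*") {
  if ($searchstring != "") { $searchstring = $searchstring . "</b> and <b>"; }
  $searchstring = $searchstring . "Priority = " . htmlspecialchars($priority, ENT_QUOTES);
}
if ($date != "*") {
  if ($searchstring != "") { $searchstring = $searchstring . "</b> and <b>"; }
  $searchstring = $searchstring . "Date = " . htmlspecialchars($date, ENT_QUOTES);
}
if ($message != "") {
  if ($searchstring != "") { $searchstring = $searchstring . "</b> and <b>"; }
  // Long keyword strings are shortened to 30 characters for display; the cut
  // happens before escaping so an entity is never split in half.
  if (strlen($message) > 30) {
    $formattedmessage = substr($message, 0, 30) . '...';
  } else {
    $formattedmessage = $message;
  }
  $searchstring = $searchstring . "Keywords = " . htmlspecialchars($formattedmessage, ENT_QUOTES);
}
if ($searchstring == "") {
  $searchstring = "for <b>All Results</b>";
} else {
  $searchstring = "where <b>" . $searchstring . "</b>";
}

// Describe the sort column and direction; $sort is request-supplied text.
if ($sort == "") {
  $sortmsg = "Date and Time";
} else {
  $sortmsg = htmlspecialchars(ucwords($sort), ENT_QUOTES);
}
if ($order == 1) {
  $sortmsg = $sortmsg . " in Descending Order";
} else {
  $sortmsg = $sortmsg . " in Ascending Order";
}
$sortmsg = "<b>$sortmsg</b>";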

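  // Shared pieces of every link in this section. $PHP_SELF and all filter
  // values come from the request, so each value is URL-encoded, and every
  // finished URL is HTML-escaped and written as a quoted href.
  $linkSelf = $PHP_SELF . "?offset=1&host=" . urlencode($host);
  $linkMsg  = "&message=" . urlencode($message);
  $linkTail = "&date=" . urlencode($date) . "&limit=" . urlencode($limit);

  // Quick filters, one coloured cell per priority: value, cell colour, label.
  $priorityLinks = array(
    array("info",    "#FAEBD7", "Info"),
    array("debug",   "#C1FFC1", "Debug"),
    array("notice",  "#CAFF70", "Notice"),
    array("warning", "#FFFF00", "Warning"),
    array("err",     "#FFA500", "Error"),
    array("crit",    "#CC4500", "Critical"),
    array("alert",   "#FF0000", "Alert"),
  );
  echo "<table width=100% bgcolor=#ffffff><tr><td width=100% bgcolor=#ffffff></td><td nowrap><font face=arial size=2 color=#000000>Search results by Priority: </font></td>";
  foreach ($priorityLinks as $pl) {
    $href = htmlspecialchars($linkSelf . "&sort=" . urlencode($sort) . "&order=" . urlencode($order) . $linkMsg . "&priority=" . $pl[0] . $linkTail, ENT_QUOTES);
    echo "<td bgcolor=" . $pl[1] . "><font color=black size=2 face=arial><b> <a href=\"" . $href . "\"><font color=black>" . $pl[2] . "</font></a>&nbsp</b></font></td>";
  }
  echo "</tr></table>";

  // Status bar. $searchstring and $sortmsg are HTML fragments assembled
  // earlier in this script (they carry <b> tags), so they are written as-is;
  // the request-derived text inside them has to be escaped where they are
  // built. The counters are plain text and are escaped here.
  echo "<table width=100% bgcolor=#3366cc><tr><td><font face=arial size=2 color=white>Searched the logs $searchstring sorted by: $sortmsg.</font></td><td align=right><font face=arial size=2 color=white>Results: <b>" . htmlspecialchars($startoffsetnum, ENT_QUOTES) . "</b> - <b>" . htmlspecialchars($endoffsetnum, ENT_QUOTES) . "</b> of <b>" . htmlspecialchars($num_results, ENT_QUOTES) . "</b>.</font></td></tr></table>";

  // Column headers; each one re-sorts the listing (neworder=1 flips the
  // direction). Entries: sort key, label, extra <td> attributes.
  $columns = array(
    array("host",      "Host",       " ALIGN=CENTER"),
    array("priority",  "Priority",   " ALIGN=CENTER"),
    array("NumEvents", "Events",     " ALIGN=CENTER"),
    array("",          "Last Event", " ALIGN=CENTER"),
    array("msg",       "Message",    ""),
  );
  echo "<div align=center>";
  echo "<table border=0 bordercolor=#000000 width=100%>";
  echo "<tr bgcolor=#99CCFF>";
  foreach ($columns as $col) {
    $href = htmlspecialchars($linkSelf . $linkMsg . "&priority=" . urlencode($priority) . $linkTail . "&sort=" . $col[0] . "&order=" . urlencode($order) . "&neworder=1", ENT_QUOTES);
    echo "<td" . $col[2] . "><a href=\"" . $href . "\"><b><font size=2 color=#3366cc>" . $col[1] . "</b></a></td>";
  }
  echo "</tr>";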

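// Render one table row per summary record.
//
// host, priority and msg are read back from stored log records, i.e. text
// that originated outside this application, so all of it is HTML-escaped
// before it is written into the page (the message cell was previously
// written without escaping). Array keys are quoted; the bare names used
// before were undefined constants.

// Cell colour and label for each known priority; anything else is shown on
// grey with its (escaped) raw value.
$priorityCells = array(
  "info"    => array("#FAEBD7", "Info"),
  "debug"   => array("#C1FFC1", "Debug"),
  "notice"  => array("#CAFF70", "Notice"),
  "warning" => array("#FFFF00", "Warning"),
  "err"     => array("#FFA500", "<b>Error</b>"),
  "crit"    => array("#CC4500", "<b>Critical</b>"),
  "alert"   => array("#FF0000", "<b>Alert</b>"),
);

// $results is false when the page query failed; show no rows in that case.
while ($results && ($row = mysql_fetch_array($results)))
{
  // Alternate the row background between the two fixed colours.
  if ($bgcolor == "#FFFFCC") { $bgcolor = "#FFFFFF"; } else { $bgcolor = "#FFFFCC"; }
  echo "<tr bgcolor=$bgcolor>";

  // The host cell links to the detail view for this host/priority/message.
  $detailHref = htmlspecialchars(
    "index.php?host=" . urlencode($row['host'])
      . "&priority=" . urlencode($row['priority'])
      . "&limit=" . urlencode($limit)
      . "&sort=" . urlencode($sort)
      . "&order=" . urlencode($order)
      . "&message=" . urlencode($row['msg']),
    ENT_QUOTES
  );
  echo "<td ALIGN=CENTER VALIGN=TOP NOWRAP><font size=2><a href=\"" . $detailHref . "\"><font color=black>" . htmlspecialchars($row['host'], ENT_QUOTES) . "</font></a></font></td>";

  $prio = (string)$row['priority'];
  if (isset($priorityCells[$prio])) {
    $cellColor = $priorityCells[$prio][0];
    $cellLabel = $priorityCells[$prio][1];
  } else {
    $cellColor = "#C0C0C0";
    $cellLabel = htmlspecialchars($prio, ENT_QUOTES);
  }
  echo "<td ALIGN=CENTER VALIGN=TOP BGCOLOR=" . $cellColor . "><font size=2>" . $cellLabel . "</font></td>";

  echo "<td ALIGN=CENTER VALIGN=TOP NOWRAP><font size=2>" . htmlspecialchars($row['NumEvents'], ENT_QUOTES) . "</font></td>";
  echo "<td ALIGN=CENTER VALIGN=TOP NOWRAP><font size=2>" . htmlspecialchars($row['timestamp'], ENT_QUOTES) . "</font></td>";
  echo "<td VALIGN=TOP><font size=2>" . htmlspecialchars($row['msg'], ENT_QUOTES) . "</font></td>";
  echo "</tr>";
}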
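echo      "</table>";
echo       "<hr>";
echo      "Result Page:    ";

// Pager. The arithmetic below divides by the page size, and both the page
// size and the offset come from the request, so work on integer copies:
// a missing or invalid page size falls back to 25 (avoiding a division by
// zero) and the offset to the first row.
$pgLimit = intval($limit);
if ($pgLimit < 1) { $pgLimit = 25; }
$pgOffset = intval($offset);
if ($pgOffset < 1) { $pgOffset = 1; }

// Every pager link repeats the current search state. The values are
// URL-encoded and each finished URL is HTML-escaped before it is written
// into the href attribute.
$pgHead = $PHP_SELF . "?offset=";
$pgTail = "&host=" . urlencode($host)
  . "&sort=" . urlencode($sort)
  . "&order=" . urlencode($order)
  . "&message=" . urlencode($message)
  . "&priority=" . urlencode($priority)
  . "&date=" . urlencode($date)
  . "&limit=" . $pgLimit;

if ($pgOffset != 1) { // no First/Previous links on the first page
  $firstoffset = 0;
  print "<a href=\"" . htmlspecialchars($pgHead . $firstoffset . $pgTail, ENT_QUOTES) . "\"><font color=#000000><< First</font></a> \n";

  // Never link to an offset before the first row.
  $prevoffset = $pgOffset - $pgLimit;
  if ($prevoffset < 1) { $prevoffset = 1; }
  print "<a href=\"" . htmlspecialchars($pgHead . $prevoffset . $pgTail, ENT_QUOTES) . "\"><font color=#000000>< Previous</font></a>   \n";
}

// Total number of pages, rounding a partial last page up.
$pages = intval($num_results / $pgLimit);
if ($num_results % $pgLimit) {
    $pages++;
}

// Show a window of page numbers around the current page instead of all of them.
$page = intval($pgOffset / $pgLimit);
$min = intval($page - 8);
if ($min < 1) { $min = 1; }
$max = intval($page + 10);
if (($max - $min) == $pages) { $max = $max - 1; }
if ($max > $pages) { $max = $pages; }

if ($min > 1) {
  print "..... ";
}

for ($i = $min; $i <= $max; $i++) {
    $newoffset = $pgLimit * ($i - 1) + 1;
    if ((intval($pgOffset / $pgLimit) + 1) == $i) {
        // Current page: highlighted, not a link.
        print "<font color=#800000 face=arial size=3><b>$i</b></font> \n";
    } else {
        print "<a href=\"" . htmlspecialchars($pgHead . $newoffset . $pgTail, ENT_QUOTES) . "\"><font color=#000000>$i</font></a> \n";
    }
}

if ($max < $pages) {
  print ".....";
}

if (!(intval($pgOffset / $pgLimit) + 1 == $pages) && $pages != 1) {
    // Not on the last page, so offer Next and Last.
    $newoffset = $pgOffset + $pgLimit;
    print " &nbsp <a href=\"" . htmlspecialchars($pgHead . $newoffset . $pgTail, ENT_QUOTES) . "\"><font color=#000000>Next ></font></a>\n";
    $lastoffset = $pgLimit * ($pages - 1) + 1;
    print " <a href=\"" . htmlspecialchars($pgHead . $lastoffset . $pgTail, ENT_QUOTES) . "\"><font color=#000000>Last >></font></a>   \n";
}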
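echo "</div><div align=right><br><br>\n";

// Footer: who is viewing, and when. REMOTE_USER is read from the server
// environment; an empty string is used when it is not set.
$LoggedInUser = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : "";
$CurrentDate = date('Y/m/d H:i:s', time());
$DateStamp = date('YmdHis', time());
echo "<hr>User <b>" . htmlspecialchars($LoggedInUser, ENT_QUOTES) . "</b> on <b>$CurrentDate</b><br>\n";

// NOTE(review): the name lists below only decide which links are displayed.
// Nothing visible in this file stops another user from requesting
// summary_report.php, usage_summary.php or tracking.txt directly, so those
// resources need their own access control. tracking.txt is written with a
// relative path and linked as a relative URL, so it presumably sits in the
// web-served directory. Confirm, and consider moving it out of the web root.
$reportUsers  = array("smcnaught", "dchervenka", "khook", "lmcintosh");
$summaryUsers = array("smcnaught", "dchervenka");
if (in_array($LoggedInUser, $reportUsers, true)) {
  echo "<a href=summary_report.php><font size=1 color=#000000>Daily Summary Report</font></a>";
  // The timestamp query string only defeats browser caching of the log file.
  echo " - <a href=tracking.txt?$DateStamp><font size=1 color=#000000>History</font></a>";
}
if (in_array($LoggedInUser, $summaryUsers, true)) {
  echo " - <a href=usage_summary.php><font size=1 color=#000000>History Summary</font></a>";
}
echo "<br>\n";

// Usage log: one line per search. The description contains request-derived
// text, so CR/LF are replaced with spaces to keep each entry on a single line;
// otherwise search text could add lines that look like separate entries.
$LogFile = "tracking.txt";
$querymsg = strip_tags("Searched the logs $searchstring sorted by: $sortmsg.");
$log = "$CurrentDate - $LoggedInUser - Summary - $querymsg";
$log = str_replace(array("\r", "\n"), " ", $log) . "\n";

// Logging is best-effort: if the file cannot be opened the page still renders,
// and no write is attempted on a failed handle.
$fp = fopen($LogFile, "a");
if ($fp) {
  fwrite($fp, $log);
  fclose($fp);
}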

?>
<br></div>
<br>
</font></body>
</html>